We had a bit of trouble at first getting some Acer K272HUL monitors to work with some Macs on campus, and Google searches came up with threads like this, which offered some helpful tips, but not a full solution.

So if you happen to have an Acer K272HUL (or perhaps a similar model) and some Mac desktops, you may find this post helpful.

Problem: We couldn’t get the Acer monitors to recognize our Mac computers (running Yosemite, though I’m not sure that made a difference) using HDMI cables. Then we tried using a MiniDisplayPort-to-DVI cable, and the Acer monitor recognized the connection but wouldn’t display at full resolution (we could get tiny resolution in the center of the screen or pixelated stretched resolution).

Solution: First, on the monitor, go to the settings and make sure the DP version is set to 1.1 and not 1.2.

Then get a MiniDisplayPort-to-DisplayPort connector.

That’s it. Full resolution.

Update (9 January, 2018): So the above blog post was for Mac Pros connecting to the monitor. If you try to connect a MacBook Air running High Sierra, the HDMI connection will “work” but may flicker. You should still use a Displayport connection.

Update: The easiest way to do this is actually to install Offset and then put a RemoveLastUserKeychains script into /usr/local/offset/logout-every (make sure it's owned by root:wheel and has 755 permissions).

What's the problem?

If you're in a primarily or exclusively Mac environment, but you're managing logins through Active Directory, password changes on the AD level confuse the local Macs, which will log you in just fine but will not know what to do with your previous login keychain.

One potential solution is to delete the keychains after a mandatory password change... or just at a regular interval. Here are two ways to do that.

Method #0: Use a Launch Agent

Method #1: Use a Logout Hook

Why you might not want to use the logout hook

Apple deprecated the login/logout hooks as of Mac OS X 10.4 (Tiger), and—as of this writing—we're up to OS X 10.10 (Yosemite), and the hooks still work. In theory, though, Apple could yank support for the login/logout hooks at any time.

Credit where credit is due...

Instructions

Make a location for your script

Amsys recommends creating one special for your organization (they use /Library/amsys, and we would use /Library/siprep), so create one appropriate for your organization.

In the terminal, you can create that directory using this command:

sudo mkdir -p /Library/nameofyourorg

Make your script

To make the script, you can use the graphical text editor of your choice (e.g., TextWrangler or Sublime Text). If you prefer Mac OS X's built-in TextEdit, just be sure you're saving as plain text and not rich text format. Just remember, once you copy the script to /Library/nameofyourorg, that you need to change ownership of the file to root (owner) and wheel (group).

A simple way to use the terminal to make the script (and avoid having to change ownership of the file later) is to just use the built-in text editor, nano:

sudo nano /Library/nameofyourorg/CleanKeychain.sh

Then, paste in this code:

#!/bin/sh
rm -Rf /Users/$1/Library/Keychains/*
exit 0

Then save (Control-X).

Amsys had $USER instead of $1, but I couldn't get the script to work unless I used $1.

Make the script executable

Whether you used a graphical text editor or a terminal based one, you'll still want to change the permissions on the file so anyone can execute it:

Add your script to the logout hook

Method #2: Use a Launch Daemon at boot time

Introduction

This second method uses a Launch Daemon (which is not deprecated), but it also assumes you will reboot the machine from time to time (for example, if you have your machines scheduled to reboot every night or every weekend).

The advantage, of course, is that if Apple decides to no longer support the logout hook, this method will likely still work. The disadvantage is that this will work only when you reboot the machine and not every time a user logs out.

So what this does is, at boot time at a system level, just delete all user keychains.

Instructions

Create the shell script

Similarly to the other method, we're going to create (if it doesn't already exist yet), a custom directory for your organization:

sudo mkdir -p /Library/nameofyourorg

Then make the script (again, you can do this in your favorite graphical text editor, move it over to the directory, and then change ownership to root user and wheel group, but this is a fairly straightforward way to do it one fell swoop without having to change ownership later):